From: Matěj Grabovský Date: Mon, 20 Jun 2011 19:45:35 +0000 (+0000) Subject: Follow-up r90371, per comment by ^demon X-Git-Tag: 1.31.0-rc.0~29393 X-Git-Url: https://git.cyclocoop.org/%27.WWW_URL.%27admin/?a=commitdiff_plain;h=c8c3159a8579d6c457852c467f95e322e9ca7002;p=lhc%2Fweb%2Fwiklou.git Follow-up r90371, per comment by ^demon Escape wikitext in username before passing it to certain messages; also remove s in those as they're superfluous. --- diff --git a/includes/Article.php b/includes/Article.php index ea677385dc..efb1490f3c 100644 --- a/includes/Article.php +++ b/includes/Article.php @@ -1439,7 +1439,7 @@ class Article { if ( !$user->isLoggedIn() && !$ip ) { # User does not exist $wgOut->wrapWikiMsg( "
\n\$1\n
", - array( 'userpage-userdoesnotexist-view', $rootPart ) ); + array( 'userpage-userdoesnotexist-view', wfEscapeWikiText( $rootPart ) ) ); } elseif ( $user->isBlocked() ) { # Show log extract if the user is currently blocked LogEventsList::showLogExtract( $wgOut, @@ -2732,7 +2732,8 @@ class Article { Html::rawElement( 'div', array( 'class' => 'error mw-error-cannotdelete' ), - wfMsgExt( 'cannotdelete', array( 'parse' ), $this->mTitle->getPrefixedText() ) + wfMsgExt( 'cannotdelete', array( 'parse' ), + wfEscapeWikiText( $this->mTitle->getPrefixedText() ) ) ) ); $wgOut->addHTML( Xml::element( 'h2', null, LogPage::logName( 'delete' ) ) ); @@ -3000,7 +3001,7 @@ class Article { $loglink = '[[Special:Log/delete|' . wfMsgNoTrans( 'deletionlog' ) . ']]'; - $wgOut->addWikiMsg( 'deletedtext', $deleted, $loglink ); + $wgOut->addWikiMsg( 'deletedtext', wfEscapeWikiText( $deleted ), $loglink ); $wgOut->returnToMain( false ); } else { if ( $error == '' ) { @@ -3008,7 +3009,8 @@ class Article { Html::rawElement( 'div', array( 'class' => 'error mw-error-cannotdelete' ), - wfMsgExt( 'cannotdelete', array( 'parse' ), $this->mTitle->getPrefixedText() ) + wfMsgExt( 'cannotdelete', array( 'parse' ), + wfEscapeWikiText( $this->mTitle->getPrefixedText() ) ) ) ); diff --git a/includes/EditPage.php b/includes/EditPage.php index 60e4f9c0c4..78e770b2b7 100644 --- a/includes/EditPage.php +++ b/includes/EditPage.php @@ -792,7 +792,7 @@ class EditPage { $ip = User::isIP( $username ); if ( !$user->isLoggedIn() && !$ip ) { # User does not exist $wgOut->wrapWikiMsg( "
\n$1\n
", - array( 'userpage-userdoesnotexist', $username ) ); + array( 'userpage-userdoesnotexist', wfEscapeWikiText( $username ) ) ); } elseif ( $user->isBlocked() ) { # Show log extract if the user is currently blocked LogEventsList::showLogExtract( $wgOut, diff --git a/includes/ProtectionForm.php b/includes/ProtectionForm.php index 63f23a3ae5..10b7fd9c09 100644 --- a/includes/ProtectionForm.php +++ b/includes/ProtectionForm.php @@ -237,7 +237,8 @@ class ProtectionForm { $wgOut->showPermissionsErrorPage( $this->mPermErrors ); } } else { - $wgOut->addWikiMsg( 'protect-text', $this->mTitle->getPrefixedText() ); + $wgOut->addWikiMsg( 'protect-text', + wfEscapeWikiText( $this->mTitle->getPrefixedText() ) ); } $wgOut->addHTML( $this->buildForm() ); diff --git a/includes/actions/DeleteAction.php b/includes/actions/DeleteAction.php index 136a4eb6ea..250e7a294c 100644 --- a/includes/actions/DeleteAction.php +++ b/includes/actions/DeleteAction.php @@ -204,7 +204,7 @@ class DeleteAction extends Action { $this->getOutput()->setPagetitle( wfMsg( 'actioncomplete' ) ); $this->getOutput()->addWikiMsg( 'deletedtext', - $this->getTitle()->getPrefixedText(), + wfEscapeWikiText( $this->getTitle()->getPrefixedText() ), '[[Special:Log/delete|' . wfMsgNoTrans( 'deletionlog' ) . ']]' ); $this->getOutput()->returnToMain( false ); diff --git a/includes/specials/SpecialBlock.php b/includes/specials/SpecialBlock.php index b481b90e35..7a1ad26eaf 100644 --- a/includes/specials/SpecialBlock.php +++ b/includes/specials/SpecialBlock.php @@ -486,7 +486,8 @@ class SpecialBlock extends SpecialPage { if( $type == Block::TYPE_USER ){ # TODO: why do we not have a User->exists() method? if( !$target->getId() ){ - return wfMessage( 'nosuchusershort', $target->getName() ); + return wfMessage( 'nosuchusershort', + wfEscapeWikiText( $target->getName() ) ); } $status = self::checkUnblockSelf( $target ); diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php index a96205af18..12f4f281af 100644 --- a/includes/specials/SpecialUserlogin.php +++ b/includes/specials/SpecialUserlogin.php @@ -696,9 +696,11 @@ class LoginForm extends SpecialPage { break; case self::NOT_EXISTS: if( $wgUser->isAllowed( 'createaccount' ) ) { - $this->mainLoginForm( wfMsgExt( 'nosuchuser', 'parseinline', $this->mUsername ) ); + $this->mainLoginForm( wfMsgExt( 'nosuchuser', 'parseinline', + wfEscapeWikiText( $this->mUsername ) ) ); } else { - $this->mainLoginForm( wfMsg( 'nosuchusershort', htmlspecialchars( $this->mUsername ) ) ); + $this->mainLoginForm( wfMsg( 'nosuchusershort', + wfEscapeWikiText( $this->mUsername ) ) ); } break; case self::WRONG_PASS: diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php index 7fe1fc73fd..6569dfa1ab 100644 --- a/languages/messages/MessagesEn.php +++ b/languages/messages/MessagesEn.php @@ -1090,7 +1090,7 @@ Ensure you have cookies enabled, reload this page and try again.', 'nosuchuser' => 'There is no user by the name "$1". Usernames are case sensitive. Check your spelling, or [[Special:UserLogin/signup|create a new account]].', -'nosuchusershort' => 'There is no user by the name "$1". +'nosuchusershort' => 'There is no user by the name "$1". Check your spelling.', 'nouserspecified' => 'You have to specify a username.', 'login-userblocked' => 'This user is blocked. Login not allowed.', @@ -1319,9 +1319,9 @@ or [{{fullurl:{{FULLPAGENAME}}|action=edit}} edit this page].', You can [[Special:Search/{{PAGENAME}}|search for this page title]] in other pages, or [{{fullurl:{{#Special:Log}}|page={{FULLPAGENAMEE}}}} search the related logs].', 'noarticletextanon' => '{{int:noarticletext}}', # do not translate or duplicate this message to other languages -'userpage-userdoesnotexist' => 'User account "$1" is not registered. +'userpage-userdoesnotexist' => 'User account "$1" is not registered. Please check if you want to create/edit this page.', -'userpage-userdoesnotexist-view' => 'User account "$1" is not registered.', +'userpage-userdoesnotexist-view' => 'User account "$1" is not registered.', 'blocked-notice-logextract' => 'This user is currently blocked. The latest block log entry is provided below for reference:', 'clearyourcache' => "'''Note: After saving, you may have to bypass your browser's cache to see the changes.''' @@ -2797,7 +2797,7 @@ Feedback and further assistance: Please confirm that you intend to do this, that you understand the consequences, and that you are doing this in accordance with [[{{MediaWiki:Policy-url}}|the policy]].', 'actioncomplete' => 'Action complete', 'actionfailed' => 'Action failed', -'deletedtext' => '"$1" has been deleted. +'deletedtext' => '"$1" has been deleted. See $2 for a record of recent deletions.', 'deletedarticle' => 'deleted "[[$1]]"', 'suppressedarticle' => 'suppressed "[[$1]]"', @@ -2859,7 +2859,7 @@ See the [[Special:ProtectedPages|protected pages list]] for the list of currentl 'protect_expiry_invalid' => 'Expiry time is invalid.', 'protect_expiry_old' => 'Expiry time is in the past.', 'protect-unchain-permissions' => 'Unlock further protect options', -'protect-text' => "You may view and change the protection level here for the page '''$1'''.", +'protect-text' => "You may view and change the protection level here for the page '''$1'''.", 'protect-locked-blocked' => "You cannot change protection levels while blocked. Here are the current settings for the page '''$1''':", 'protect-locked-dblock' => "Protection levels cannot be changed due to an active database lock.